Jo David Cummins, president and CEO of Community First Bank of the Heartland in Illinois, laughs off Anonymous' mid-January "hack" of a U.S. Federal Reserve database, which scooped up his record and over 4,000 others. He tells Reuters, "It hasn't been much of a hassle. The information that was on the contact system was the same thing that was on my business card, so it wasn’t like it was anything that could do any harm to me or the bank."

I. Adobe Flaw Likely Exploited by Hackers.

But while it may not be a big deal for most of the affected, the U.S. Federal Bureau of Investigation and the Federal Reserve are taking the incident very seriously. Comments Federal Reserve spokesman Jim Strader, "We are in the process of a comprehensive assessment to determine what information might have been obtained in this incident. We remain confident that this incident did not affect critical operations of the Federal Reserve."

The site that the information leaked from was dubbed Emergency Communication System (ECS). While protected by passwords and encryption, Anonymous was able to circumvent those barriers.

It's possible that the attackers used an SQL injection (aka "Little Bobby Tables") style attack. Such attacks can be prevented if requests are sanitized.

However, it's also possible that the hackers exploited well-known security flaws in Adobe Systems, Inc.'s (ADBE) ColdFusion suite, which the site was built upon. In mid-January -- right about the time of the attack -- Adobe patched several critical security flaws that could allow malicious users access to restricted files and even allow them to take over servers.

An Adobe flaw may have been responsible for the Fed hack. [Image Source: Adobe]

This hotfix addresses vulnerabilities that could permit an unauthorized user to remotely circumvent authentication controls, potentially allowing the attacker to take control of the affected server... Adobe is aware of reports that four vulnerabilities (CVE-2013-0625, CVE-2013-0629, CVE-2013-0631 and CVE-2013-0632, referenced in Security Advisory APSA13-01) are being exploited in the wild against ColdFusion customers.

A 2012 audit at the Fed suggested that a monitoring system be put in place to review security at third-party systems. It's possible the ECS system may fall under that category.

The Federal Reserve System is the backbone of the American banking industry, established before the Great Depression. The oft-criticized institution is a strange mix of private and public parts.

On the public side, regional Fed banks are largely owned by nationally chartered commercial banks, which are required to be shareholders in their local branch. On the other hand, the federal government selects and controls the salary of many of the system's top officials; indeed the President himself personally appoints the Fed's Board of Governors.

II. Hackers Still Flaming Mad About Swartz's Death

Many members of the quasi-leaderless hacktivist group Anonymous have been vocal opponents of the Fed and the U.S. commercial banking industry in general, which they label as corrupt and exploitive.

Federal prosecutors had investigated Mr. Swartz after he dumped 4 million papers from the JSTOR network. JSTOR hosts peer-reviewed journal papers, most of which cost money to access. Critics of Mr. Swartz's actions argue that journal fees help sustain the costly march of research in fields such as physics, biology, and genetics. But his supporters argue that academic research should be free to all, not pent up in some ivory cage.

Aaron Swartz

Even some of his critics, though, balked at how the feds allegedly harassed him for the breach. A pair of petitions to fire the prosecutors involved with the criminal case -- Assistant U.S. Attorney Steve Heymann and his boss U.S. District Attorney Carmen Ortiz -- has been attracting substantial attention. The petition to remove DA Ortiz has already received 25,000 signatures, meaning that President Barack Obama must respond to it.

III. Sabu to be Sentenced

In a related reminder, former LulzSec mastermind Hector Xavier Monsegur (handles: "Sabu", "Xavier DeLeon", and "Leon") is set to be sentenced on Feb. 22. Mr. Monsegur had founded the sub-unit of Anonymous and in 2011 led it in hacking Sony Corp. (TYO:6758) several times and also breaching government sites.

Hacker "messiah" Hector Monsegur, a former member of Anonymous's upper echelon, is set to be sentenced later this month. His sentence will likely be greatly reduced for his role in "snitching" on his fellow hackers. [Image Source: Fox News]

The hacker was given a sentencing reprieve due to concerns about his safety and his ongoing cooperation with federal investigations. He has pleaded guilty to 12 federal computer crimes, which carry a maximum theoretical sentence of 124 years. It is likely that his sentences will at a bare minimum be reduced to being served consecutively (which greatly slashes his prison time -- for example Bank Fraud, one of his charged offenses, carries a maximum 30-year sentence).

Putting intelligent, non-violent people in prison sets humanity back. These people, although they broke the 'law' are not criminals of violence; financial harm at best. Information that is leaked, in my opinion, is legitimate for public view. They let bankers who collect massive illegal bonuses, insider trading, etc, serve 3 years in prison, meanwhile, hackers that do a few million in damage to corporations like Sony serve 124 years.

Where the hell is the balance? Don't even get me started on what's obviously wrong with the guys serving 5 year sentences for selling dime-bags of weed on the corner.

He's not saying they shouldn't be punished, he's saying that the system is largely skewed in favor of corporations and those in powerful positions.

The bank example is a good one. They definitely do millions in damages to people through those schemes yet get hit with incredibly lenient sentences comparatively. Even in other areas our justice system is F'ed. Drug sentencing is a great example, as are the big "pirating" cases that have hit (with incredibly unreasonable fines). Here's a controversial one: do you think a sex offender should serve a longer minimum sentence than a murderer while defending themselves as "guilty until proven innocent"? More common than you'd think.

Everything needs to be re-worked because as Anonymous claimed, we crossed that "cruel and unreasonable punishment" line a long time ago to protect corporate interests and political mongering.

quote: 1. Which hackers have been sent to "Death Row"?? Provide names.

2. The Chinese hackers usually attack the same targets as Anonymous. These so-called hacktivists are not heroes, they're as bad as a hostile foreign organization.

3. Ammohunt's alleged psychotic neighbor has nothing to do with this discussion.

1. Exactly how many white-collar financial executives were sent to prison with hefty jail terms or Death Row over their misdeeds, which affected thousands of innocent people and cost taxpayers upwards of billions?

Now compare to how many computer-literate and savvy folks who received jail terms for their comparatively-harmless behavior?

You don't need quack scientists to see why this is full of bull.

2. The problem with your rationale is we're actively sending our best and brightest in computer security into prisons and/or exporting them to China. Why bother to improve information security this side of the globe when doing just that lands you lengthy jail terms and a guaranteed conviction that bars you from ever constructively contributing to society?

The political leaders in Washington currently do not care about cybersecurity of this nation, which is already worrisome enough. But to create more disincentives through repressive law regimes towards decreasing the likelihood of standing on the loser side of cyberwar?

What the hell is wrong with you?

3. You haven't read his latest posts:

quote: So China employs criminals and we put them in jail. As a nation of laws i am not seeing the issue here. If these blackhats had any concern for western civilization they would put on a white hat and contribute to society in a positive way.

quote: This is not the movies! black hats with any skill are in it for personal gain, creating chaos and perhaps the thrill of being bad. Asking them to fight for a concept foreign to them such as the greater good as defined by someone else is laughable at best.

Number one - and I'm sure you'll agree - there is no such thing as a "nation of laws" in this country. What laws? The DMCA, Patriot Act, Department of Homeland Security... these aren't enough proof that the upper echelons of power is ridden with criminals? We even have a president willing to bend us all over with obscure Executive Orders, completely bypassing what little judicial protections and measures that still exist.

Number two - those hacktivists are not the problem. The root cause is none of the retards at Washington DC takes cybersecurity seriously. All half-assed appearances at beginner security theater, nothing of real substantial value is done, forcing the rest of us to take matters into our own hands. Oh but we cannot do that because that act alone is a criminal felony!

Number three - is this really the message you want to advertise to China? To encourage them to continue hacking us, because we're leaving the door wide open for their e-thieving fingers, while believing there is absolutely no downside in cutting the hands that feed us?

quote: 1. Exactly how many white-collar financial executives were sent to prison with hefty jail terms or Death Row over their misdeeds, which affected thousands of innocent people and cost taxpayers upwards of billions?

Apples to oranges. Those executives didn't set out with the malicious intent to cause harm to others or steal information. Comparing them to these hackers is just kinda..warped.

With any crime we must prove intent. That's law 101. If you break a few laws chasing the almighty dollar, hey, you pay a fine or get a slap on the wrist. If you set out to deliberately cause harm, then hey, you GET more harm.

Hyperbole much? Nobody to my knowledge has had this happen for unlocking their phone. Now this has happened to a few people I recall who insisted on providing tools to others on a website looking to unlock their phones. And they were only sued after repeated requests and warnings to cease and desist. Not saying I agree with this policy, I don't. But there IS a huge difference.

I find your arguments to be dishonest and emotive because you aren't actually interested in the context of the issues. You're warping the situations to make an argument, but upon further review, your argument lacks merit entirely.

quote: We even have a president willing to bend us all over with obscure Executive Orders, completely bypassing what little judicial protections and measures that still exist.

Executive Orders bit you mad because that the only real power your prez even has? Take that power away then what power would the elected prez have? It would turn him and or her into the queen of england. Be there for show but can't do jack. Then you could just removed the position of prez and let your fine fine senate and your excellent highly loved congress with it super duper high approval rating fun free ...

And by the way if these guys want to change the world you don't do it piss ant by overt action. You do it by changing minds and building a majority opinion. They have the same problem that all these anti-government guys with a desire to start a revolution do; i.e. you don't bomb a federal building affecting innocent people and expect everyone to endear themselves to you and join you in a revolution! Sinn Féin ring a bell? If you can convince ordinary people your ideas are better they will for the most part naturally follow your lead.. I see no leadership in Anonymous. Anonymous actions appear to most as a spoiled malcontent minority opinion throwing a tantrum = net effect 0.

You're advocating vigilantism, you know that right? If people are getting "illegal" bonuses, there are laws and people whose job is to enforce them. It's not up to some hacker to reveal this information.

Oh and what about the hackers who steal millions of people's credit card info and release them to who knows what? Are they fighting for "justice" too?

I'm the first one to say our justice system needs work. But your argument is just way over-emotional and categorizing criminals as some kind of misunderstood good-guys is just not cutting it. There are many legitimate jobs for someone with those skills.

I have a car, mace and a gun. So hey, I'll just go out tonight and enforce the law. Pull speeders over and write tickets, shoot criminals (but only ones who are really really bad), etc etc. You're okay with that right?

quote: They let bankers who collect massive illegal bonuses, insider trading, etc, serve 3 years in prison, meanwhile, hackers that do a few million in damage to corporations like Sony serve 124 years.

Please provide a link showing when a hacker has been sentenced to 124 years.